How to stop attackers getting a toehold on the corporate network